« List of all CVEs

CVE-2026-56362

ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization

Published: 7/8/2026 Last updated: 7/8/2026 Reserved: 6/20/2026

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.

CNA assigner: VulnCheck (83251b91-4cc7-4094-a5c7-464a1b83ea10) Requested by: n/a

Metrics

Version Score Severity Vector String
4.0 2.1 Low CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
3.1 3.3 Low CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (2)

Product Vendor Version
ImageMagick ImageMagick Android kernel
ImageMagick ImageMagick < 95.0.4638.69

References (2)

Credits (1)